Samba 4.0 supports the server-side of the Active Directory logon environment used by Windows 2000 and later, so we can do full domain join and domain logon operations with these clients.

Our Domain Controller (DC) implementation includes our own built-in LDAP server and Kerberos Key Distribution Center (KDC) as well as the Samba3-like logon services provided over CIFS. We correctly generate the infamous Kerberos PAC, and include it with the Kerberos tickets we issue.

When running an AD DC, you only need to run 'samba' (not smbd/nmbd/winbindd), as the required services are co-coordinated by this master binary. The tool to administer the Active Directory services is called 'samba-tool'.

A short guide to setting up Samba 4 as an AD DC can be found on the wiki.

File Services

Samba 4.0.0 ships with two distinct file servers. We now use the file server from the Samba 3.x series 'smbd' for all file serving by default.

Samba 4.0 also ships with the 'NTVFS' file server. This file server is what was used prior to the beta2 release of Samba 4.0, and is tuned to match the requirements of an AD domain controller. We continue to support this, not only to provide continuity to installations that have deployed it as part of an AD DC, but also as a running example of the NT-FSA architecture we expect to move smbd to in the longer term.

For pure file server work, the binaries users would expect from that series (smbd, nmbd, winbindd, smbpasswd) continue to be available.

DNS

As DNS is an integral part of Active Directory, we also provide two DNS solutions, a simple internal DNS server for 'out of the box' configurations and a more elaborate BIND plugin using the BIND DLZ mechanism in versions 9.8 and 9.9. During the provision, you can select which backend to use. With the internal backend, your DNS server is good to go. If you chose the BIND_DLZ backend, a configuration file will be generated for bind to make it use this plugin, as well as a file explaining how to set up bind.

NTP

To provide accurate timestamps to Windows clients, we integrate with the NTP project to provide secured NTP replies. To use you need to start ntpd and configure it with the 'restrict ... ms-sntp' and ntpsigndsocket options.

Python Scripting Interface

A new scripting interface has been added to Samba 4, allowing Python programs to interface to Samba's internals, and many tools and internal workings of the DC code is now implemented in python.